External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-11 10:00:03 -03:30
Code Issues Packages Projects Releases Wiki Activity
5,628 Commits 43 Branches 87 Tags
Commit Graph

5628 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Ruynat
c1a686bf47 Update hashes for 1.20.5/1.19.9/1.18.17 
(cherry picked from commit 6d3dbb43a4a53e76df6d300f7b2e800e71f314db)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
eb8dd77ab6 Fix calico crds missing 3.16.9 (#7386) 
(cherry picked from commit ead8a4e4de69a6a1c580767df02b1707796c1626)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
cd46286523 Update CNI (calico, kubeovn, multus) and Helm 
(cherry picked from commit 05f132c136b9d43ea342ced426afc49c4e1cfeb7)
 2021-03-23 07:29:36 -07:00
Erwan Miran
e12850be55 Download Calico KDD CRDs (#7372) 
* Download Calico KDD CRDs

* Replace kustomize with lineinfile and use ansible assemble module

* Replace find+lineinfile by sed in shell module to avoid nested loop

* add condition on sed

* use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"

(cherry picked from commit 1c62af0c95321ac09fa2289b586c82b3df24376d)

Conflicts:
        roles/network_plugin/calico/tasks/install.yml
 2021-03-23 07:29:36 -07:00
Florian Ruynat
5e4f3cabf1 Update nodelocaldns to 1.17.1 
(cherry picked from commit 5f2c8ac38faf1ba373e73868fe88033dd8a1ffe2)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
df00b1d69d Minor update to cilium and calico 
(cherry picked from commit de46f86137b978248b377c15038363bb35677d90)
 2021-03-23 07:29:36 -07:00
Florian Ruynat
d74dcfd3b8 Update kube-ovn to 1.6.0 (#7240) 
(cherry picked from commit edc4bb4a4985753bac5bf527014c2925f7d843bf)
 2021-03-23 07:29:36 -07:00
Maciej Wereski
c1c720422f Upgrade openSUSE Leap to 15.2 (#7331) 
15.1 has reached EOL on 2021-02-02.

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
(cherry picked from commit 69d11daef6f6211b9741621a76b82829963492e9)
 2021-03-23 07:29:36 -07:00
Etienne Champetier
bac71fa7cb Fixup one more missing kubespray-defaults (#7375) 
"The error was: 'proxy_disable_env' is undefined\n\nThe error appears to
be in '<censored>scale.yml': line 72, column 7"

Fixes 067db686f6e8149b7a94d43d74f89e55595a95ad

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 057e8b435877c8682c57f3bd5168728a07c7a9a9)
 2021-03-23 07:29:36 -07:00
Lennart Jern
ac1aa4d591 Check for dummy kernel module (#7348) 
The dummy module is needed for nodelocaldns.

(cherry picked from commit 5a54db2f3ced6a78bbe77119e2ce932990b4c0ff)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
c22915a08c Fixup kubelet.conf to point to kubelet-client-current.pem (#7347) 
c9c0c01de019e502b2e73e6fd65e9bf52e063bb6 only fix the problem for new clusters

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 14b63ede8c311685088f38ba00a032ee4a828c09)

Conflicts:
	roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml
 2021-03-15 07:07:05 -07:00
Maciej
0ea43289e2 ansible and jinja2 updates (#7357) 
* Update ansible to v2.9.18

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>

* Update jinja2 to v2.11.3

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
(cherry picked from commit b07c5966a616e00668786a16ab31e6de75aa3226)
 2021-03-15 07:07:05 -07:00
Victor Morales
01e527abf1 Add privileged_without_host_devices support (#7343) 
When privileged is enabled for a container, all the `/dev/*` block
devices from the host are mounted into the guest. The
`privileged_without_host_devices` flag prevents host devices from
being passed to privileged containers.

More information:
* https://github.com/containerd/cri/pull/1225
* 1d0f68156b

(cherry picked from commit dc5df57c262efd4f856295f7f67813568a527f25)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
704a054064 Delete misnammed kubeadm-version.yml 
The important action in kubeadm-version.yml is the templating of the configuration,
not finding / setting the version

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit a9c97e5253c455546c2c7fdd794147eeb9b8ab7a)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-version.yml
 2021-03-15 07:07:05 -07:00
Etienne Champetier
8c693e8739 Always backup both certs and kubeconfig 
There are no reasons not to backup during upgrade

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 53e5ef6b4e2b4f9e8fd797773f4eabf7701158da)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-backup.yml
	roles/kubernetes/master/tasks/kubeadm-certificate.yml
 2021-03-15 07:07:05 -07:00
Etienne Champetier
9ecbf75cb4 Remove rotate_tokens logic 
kubeadm never rotates sa.key/sa.pub, so there is no need to delete tokens/restart pods

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 8800b5c01d7dbdc99f81464ba5f2f96799e7eed1)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
591a51aa75 Remove admin.conf removal 
kubeadm is the default for a long time now,
and admin.conf is created by it, so let kubeadm handle it

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 280036fad65736a7f0944190a0f8803fb79b786e)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
76a1697cf1 Remove useless call to 'kubeadm version' 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit a6e1f5ece9f50dd717556af0f31557b621063702)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
1216a0d52d Remove pre kubeadm cert migration tasks 
apiserver.pem is not used since ddffdb63bfcc65a1731a16d316ce10d4903e3261

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit fedd671d68bfadc3446ae5a5c9961ae769773c4a)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml
	roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
 2021-03-15 07:07:05 -07:00
Du9L.com
f4d3a4a5ad kubeadm-config.v1beta2.yaml.j2: etcd log level arg (#7339) 
According to [etcd's docs](https://etcd.io/docs/v3.4.0/op-guide/configuration/#--log-package-levels), argument 'log-package-levels' should not contain underscores.

(cherry picked from commit b7c22659e308af6ab20484a5032a62d57f945d7b)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
3c8ad073cd Stop using kubeadm to update server in kubeconfigs (#7338) 
Using `kubeadm init phase kubeconfig all` breaks kubelet client certificate rotation
as we are missing `kubeadm init phase kubelet-finalize all` to point to `kubelet-client-current.pem`

kubeconfig format is stable so let's just use lineinfile,
this will avoid other future breakage

This revert to the logic before 6fe2248314fb319563a60ae023b552371e34e148

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit c9c0c01de019e502b2e73e6fd65e9bf52e063bb6)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
53b9388b82 Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices (#7315) 
On CentOS 8 they seem to be ignored by default, but better be extra safe
This also make it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit e442b1d2b9ce7734093a724c3d35462f1b3cbcb8)
 2021-03-15 07:07:05 -07:00
Etienne Champetier
f26cc9f75b Only use stat get_checksum: yes when needed (#7270) 
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit de1d9df7875d1f451fb7974840ddc0a645551b6e)

Conflicts:
	roles/etcd/tasks/check_certs.yml
 2021-03-15 07:07:05 -07:00
stress-t
5563ed8084 Fix: added string to bool conversion for use_localhost_as_kube api load balancer (#7324) 
(cherry picked from commit 15f1b191368bfe920c250d32960e18854ad42ed6)
 2021-03-02 08:33:19 -08:00
stress-t
a02e9206fe Improving PR 6473 (#7259) 
(cherry picked from commit 796d3fb975cd880c42f6dcf67001588fa20510e6)
 2021-03-02 08:33:19 -08:00
Florian Ruynat
e7cc686beb Fix recover-control-plane undefined 'proxy_disable_env' variable (#7326) 
(cherry picked from commit 05adeed1fac3b593f52149574b330d480672e02a)

Conflicts:
	recover-control-plane.yml
 2021-03-02 08:33:19 -08:00
wangxf
5d4fcbc5a1 fix: the filename </etc/vault> is Duplicate in the reset role. (#7313) 
(cherry picked from commit 154fa45422949193d390242c4994e4d11895f4b8)
 2021-03-02 08:33:19 -08:00
Florian Ruynat
ba348c9a00 Move centos7-crio CI job to centos8 (#7327) 
(cherry picked from commit e35becebf8f55ce3dc32be26ed64495916291889)
 2021-03-02 08:33:19 -08:00
Kenichi Omichi
b0f2471f0e Update Ansible to v2.9.17 (#7291) 
This updates Ansible version to the latest stable version 2.9.17.

(cherry picked from commit 0ddf915027f6e75474ab0027a540fc349722eadc)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
fbdc2b3e20 Fix proxy usage when *_PROXY are present in environment (#7309) 
Since a790935d02dc2787f6de41695ec955dc49fc93b1 all proxy users
should be properly configured

Now when you have *_PROXY vars in your environment it can leads to failure
if NO_PROXY is not correct, or to persistent configuration changes
as seen with kubeadm in 1c5391dda78b43fc629320dd59f1234e81afb2ad

Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere
at the play level, and override at the task level when needed

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 067db686f6e8149b7a94d43d74f89e55595a95ad)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
557139a8cf Fix reset when using containerd (#7308) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit ed2b4b805e937aab8118600d3f83b48fe980d3ff)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
daea9f3d21 Set Kubernetes default version to 1.19.8 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2021-03-02 08:33:19 -08:00
Florian Ruynat
ac23d89a1a Add hashes for Kubernetes 1.18.16/1.19.8/1.20.4 
(cherry picked from commit 86ce8aac8518a58542ba649fd1ff8574f0eeb561)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
3292887cae Fix "api is up" check (#7295) 
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 662a37ab4f623668ac002a86bb8d2fe7fe23ea10)
 2021-03-02 08:33:19 -08:00
Etienne Champetier
c7658c0256 Remove calico-upgrade leftovers (#7282) 
This is dead code since 28073c76ac26455a720aa1b13287155726e956fb

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 3749729d5a2fb71bad6ca3fdddaedaf328e03579)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
716a66e5d3 facts.yaml: reduce the number of setup calls by ~7x (#7286) 
Before this commit, we were gathering:
1 !all
7 network
7 hardware

After we are gathering:
1 !all
1 network
1 hardware

ansible_distribution_major_version is gathered by '!all'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit fb8b0751103790daea52d1c1813e087b25126235)
 2021-02-22 06:01:43 -08:00
Matt Calvert
efd138e752 Ensure we gather IPv6 facts 
(cherry picked from commit 366cbb3e6f3d4df2618e4ed4bc4191dcbed5b169)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
40857b9859 Ensure kubeadm doesn't use proxy (#7275) 
* Move proxy_env to kubespray-defaults/defaults

There is no reasons to use set_facts here

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

* Ensure kubeadm doesn't use proxy

*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests

We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 1c5391dda78b43fc629320dd59f1234e81afb2ad)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
176df83e02 Fixup cri-o metacopy mount options (#7287) 
Ubuntu 18.04 crio package ships with 'mountopt = "nodev,metacopy=on"'
even if GA kernel is 4.15 (HWE Kernel can be more recent)

Fedora package ships without metacopy=on

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 5c04bdd52bdb6115fb06bdd31b9862427dcef2e2)
 2021-02-22 06:01:43 -08:00
Etienne Champetier
60b405a7b7 bootstrap-os: match on os-release ID / VARIANT_ID (#7269) 
This fixes deployment with CentOS 8 Streams and make detection more reliable

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit 95b329b64d571dc7e4aba9696db998ee95cbd1cb)

Conflicts:
  roles/bootstrap-os/tasks/main.yml
 2021-02-22 06:01:43 -08:00
Cristian Calin
d48a4bbc85 add containerd.io to dpkg_selection (#7273) 
`containerd.io` is the companion package of `docker-ce` and is the
proper package name. This is needed to avoid apt upgrade/dist-upgrade
from breaking kubernetes.

(cherry picked from commit 64502077131f587ad8bdd35802bfd406ec07891d)
 2021-02-22 06:01:43 -08:00
Takashi IIGUNI
10b08d8840 fix: Restart network doesn't work on Fedora CoreOS (#7271) 
Running remove-node.yml tasks for clean up cluster on Fedora CoreOS.
The task failed to restart network daemon (task name: "reset | Restart network").
Fedora CoreOS is essentially using NetworkManager, but this task returns network.

Signed-off-by: Takashi IIGUNI <iiguni.tks@gmail.com>
(cherry picked from commit bcaa31ae338b9710c36f17cb5a990d4be6f71391)
 2021-02-22 06:01:43 -08:00
David Louks
189ce380bd Remove deletion of coredns deployment. (#7211) 
* Add unique annotation on coredns deployment and only remove existing deployment if annotation is missing.

* Ignore errors when gathering coredns deployment details to handle case where it doesn't exist yet

* Remove run_once, deletegate_to and add to when statement

(cherry picked from commit 0cc17267811efa7b9568cdd264d57fd1640e23a8)
 2021-02-22 06:01:43 -08:00
Geonju Kim
5f06864582 Change the owner of /etc/crictl.yaml to root (#7254) 
(cherry picked from commit 1a91792e7ce15610c9567a5a4f04ff0fdb4bc43b)
 2021-02-22 06:01:43 -08:00
Mathieu Parent
3ad248b007 Update Helm version to 3.5.2 (#7248) 
Helm v3.5.2 is a security (patch) release. Users are strongly
recommended to update to this release. It fixes two security issues in
upstream dependencies and one security issue in the Helm codebase.

See https://github.com/helm/helm/releases/tag/v3.5.2

(cherry picked from commit 670c37b4282700ba5e3144828b0bd963a45e0408)
 2021-02-22 06:01:43 -08:00
petruha
754a54adfc Run containerd related tasks on OracleLinux. (#7250) 
(cherry picked from commit fc8551bcba22f104dc8b5cc92ff5cbd7dcea3fa7)
 2021-02-22 06:01:43 -08:00
forselli-stratio
960844d87b Fix ansible calico route reflector tasks in calico role (#7224) 
* Fix calico-rr tasks

* revert stdin only when it's already a string

(cherry picked from commit 88bee6c68ed7518d9906c982486dcda6f56e02e7)
 2021-02-22 06:01:43 -08:00
Sander Cornelissen
6bde4e3fb3 Ensure when use_oracle_public_repo is set to false the public Oracle Linux yum repos are not set (#7228) 
(cherry picked from commit b70d986bfadee2590d7568d704127312af25c358)
 2021-02-22 06:01:43 -08:00
Felix Breuer
3725c80a71 FIX: Bastion undefined variable (#7227) 
Fixes the following error when using Bastion Node with the sample config.
```
fatal: [bastion]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'bastion'\n\nThe error appears to be in '/home/felix/inovex/kubespray/roles/bastion-ssh-config/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: set bastion host IP\n  ^ here\n"}
```

(cherry picked from commit 973628fc1b7dba845dbef80cd0fbf74899a8e3a3)
 2021-02-22 06:01:43 -08:00
Robin Elfrink
d94f32c160 Fix unintended SIGPIPEs. (#7214) 
(cherry picked from commit 91fea7c9565968affcf9c16bcd467b2b37f82989)
 2021-02-22 06:01:43 -08:00